Re: About Question enthuware.ocpjp.v11.2.3420 :

Posted: Tue Jan 26, 2021 9:28 am
by peterz
Could someone explain, why the code violates "Resource limit checks should not suffer from integer overflow"? I don't see any resource limit checks in the code. I understand that the code might crash if the length becomes smaller due to overflow, but I don't see the security problem here.

Re: About Question enthuware.ocpjp.v11.2.3420 :

Posted: Tue Jan 26, 2021 10:01 am
by admin
It may not exactly be a security problem but it does violate the Guideline 1-3 / DOS-3: "Resource limit checks should not suffer from integer overflow".
A method that allocates large chunks of memory is prone to denial of service attacks as well.
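The guideline admin cites (Guideline 1-3 / DOS-3 of the Java Secure Coding Guidelines) is easiest to see in code. The class below is an added example written for this thread, not the code from the exam question; the class name, the 64 MiB cap, and the 8-byte record size are assumptions chosen for illustration. It shows a limit check whose intermediate product wraps in int arithmetic, so a hostile count passes the check and the following allocation asks for gigabytes, next to two overflow-free forms of the same check.

```java
/**
 * Added example for Guideline 1-3 / DOS-3 ("Resource limit checks should not
 * suffer from integer overflow"). Constructed for this thread; the cap and the
 * record size are arbitrary assumptions, and this is not the exam question's code.
 */
public final class ResourceLimitCheck {

    /** Assumed cap: a record table may occupy at most 64 MiB. */
    private static final int MAX_BYTES = 64 * 1024 * 1024;
    /** Assumed record size: one long per record, i.e. 8 bytes. */
    private static final int RECORD_BYTES = 8;

    /**
     * Flawed limit check. count * RECORD_BYTES is evaluated in int and wraps
     * once count reaches 2^28. For a caller-chosen count of 2^29 the product
     * wraps to 0, the comparison passes, and new long[count] then attempts a
     * 4 GiB allocation: the denial of service the guideline warns about.
     */
    public static long[] allocateUnsafe(int count) {
        if (count * RECORD_BYTES > MAX_BYTES) {
            throw new IllegalArgumentException("table exceeds " + MAX_BYTES + " bytes");
        }
        return new long[count];
    }

    /**
     * Overflow-free check. Rejecting negative input and dividing the limit
     * instead of multiplying the input keeps every intermediate in int range.
     */
    public static long[] allocateSafe(int count) {
        if (count < 0 || count > MAX_BYTES / RECORD_BYTES) {
            throw new IllegalArgumentException("table exceeds " + MAX_BYTES + " bytes");
        }
        return new long[count];
    }

    /**
     * Same policy, letting the JDK detect the overflow: Math.multiplyExact
     * throws ArithmeticException instead of silently wrapping.
     */
    public static long[] allocateSafeExact(int count) {
        int bytes = Math.multiplyExact(count, RECORD_BYTES);
        if (count < 0 || bytes > MAX_BYTES) {
            throw new IllegalArgumentException("table exceeds " + MAX_BYTES + " bytes");
        }
        return new long[count];
    }

    /** Bytes currently held; used by the additive "grow by" checks below. */
    private int current = 0;

    /** Flawed additive form: current + extra wraps negative for a large extra and passes. */
    public void growByUnsafe(int extra) {
        if (current + extra > MAX_BYTES) {
            throw new IllegalArgumentException("growth exceeds limit");
        }
        current += extra;
    }

    /**
     * The form the guideline recommends: compare against the remaining headroom.
     * With extra >= 0 the subtraction MAX_BYTES - extra can never overflow.
     */
    public void growBySafe(int extra) {
        if (extra < 0 || current > MAX_BYTES - extra) {
            throw new IllegalArgumentException("growth exceeds limit");
        }
        current += extra;
    }

    public static void main(String[] args) {
        int hostile = 1 << 29; // 536,870,912 records, 4 GiB if actually allocated

        // Show what the flawed check sees: the wrapped product, not the true size.
        System.out.println("wrapped product seen by flawed check: " + (hostile * RECORD_BYTES));
        // allocateUnsafe(hostile) would pass its check and attempt the 4 GiB
        // allocation; it is deliberately not called so the demo runs on any heap.

        try {
            allocateSafe(hostile);
        } catch (IllegalArgumentException e) {
            System.out.println("allocateSafe rejected hostile count: " + e.getMessage());
        }
        try {
            allocateSafeExact(hostile);
        } catch (ArithmeticException e) {
            System.out.println("allocateSafeExact detected overflow: " + e);
        }
        System.out.println("legitimate allocation length: " + allocateSafe(1024).length);

        ResourceLimitCheck buf = new ResourceLimitCheck();
        buf.growBySafe(1024);
        try {
            buf.growBySafe(Integer.MAX_VALUE);
        } catch (IllegalArgumentException e) {
            System.out.println("growBySafe rejected oversized growth: " + e.getMessage());
        }
    }
}
```

The pattern to take away is the one in the guideline's own text: never compute "current plus extra" or "count times size" and compare the result, because the arithmetic can wrap before the comparison runs. Either reject negatives and compare against the remaining headroom (subtract or divide the limit), or use the Math.*Exact methods so an overflow becomes an exception rather than a passed check.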